cdombroski/nix-configs
1
0
Fork 0
Code Activity Actions

Align users

Browse source
This commit is contained in:
Chris Dombroski 2024-09-20 20:59:41 -04:00
parent 21c2cc9136
commit 927e6b1543
6 changed files with 37 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nixos-modules/common/common.nix
View file

@ -1,4 +1,3 @@
{ ... }:
{ {
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";

3
nixos-modules/common/nix.nix
View file

@ -1,4 +1,3 @@
{ ... }:
{ {
programs.git.enable = true; programs.git.enable = true;
programs.nh = { programs.nh = {
@ -6,12 +5,14 @@
clean.enable = true; clean.enable = true;
clean.extraArgs = "--keep-since 7d"; clean.extraArgs = "--keep-since 7d";
}; };
nix = { nix = {
settings = { settings = {
experimental-features = [ experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
use-xdg-base-directories = true;
}; };
optimise.automatic = true; optimise.automatic = true;
}; };

38
nixos-modules/common/sshd.nix
View file

@ -5,16 +5,38 @@
... ...
}: }:
{ {
sops.secrets."root/password" = { sops.secrets = {
neededForUsers = true; "root/password" = {
neededForUsers = true;
};
"cdombroski/password" = {
neededForUsers = true;
};
};
security = {
sudo.extraConfig = "Defaults lecture = never";
}; };
services.openssh.enable = true; services.openssh.enable = true;
users.mutableUsers = false; users = {
users.users.root = { mutableUsers = false;
hashedPasswordFile = config.sops.secrets."root/password".path; users = {
openssh.authorizedKeys.keys = [ root = {
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc=" hashedPasswordFile = config.sops.secrets."root/password".path;
]; openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc="
];
};
cdombroski = {
description = "Chris Dombroski";
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 1000;
hashedPasswordFile = config.sops.secrets."cdombroski/password".path;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc="
];
};
};
}; };
environment.systemPackages = [ pkgs.zellij ]; environment.systemPackages = [ pkgs.zellij ];
programs.starship.enable = true; programs.starship.enable = true;

6
secrets/secret.yaml
View file

@ -1,5 +1,7 @@
root: root:
password: ENC[AES256_GCM,data:u8vkGrHjAq2tDIJEbEMNPrPe7GCQNixVRRPxYPyPLvTzEApiBwsgaHp8QbMeDYGSGGkzh7EOBVeFVjUsxUtwzuYXPFILeDniUw==,iv:AoRZB3GMrn/qXgu/CMghXuu0ReHDmLdRNHAcKPgirnQ=,tag:7jlaBeKHuCa1JfV7sHo05Q==,type:str] password: ENC[AES256_GCM,data:u8vkGrHjAq2tDIJEbEMNPrPe7GCQNixVRRPxYPyPLvTzEApiBwsgaHp8QbMeDYGSGGkzh7EOBVeFVjUsxUtwzuYXPFILeDniUw==,iv:AoRZB3GMrn/qXgu/CMghXuu0ReHDmLdRNHAcKPgirnQ=,tag:7jlaBeKHuCa1JfV7sHo05Q==,type:str]
cdombroski:
password: ENC[AES256_GCM,data:PXPYYrQM7c7fvPA+Msgx4U2NBSjkBqnocJBue4MgfIo6z6PdAJ6AkKVYCDRNxTxj0wsSEuToRS/aQQy6oIia7jge8bACVhmBRA==,iv:76SvY8blDcU5aJALIwEoI6GsdVq3eSA/+XWt1QaE3ww=,tag:Mj4Qht7dKe8k+vsfwdSabQ==,type:str]
gmail: gmail:
password: ENC[AES256_GCM,data:rCL2RzU1INRT5KOyl1JriQ==,iv:jhFDcNHgIJnZTBN9msECQWvy75IH1wO5IFAxqR4Ugng=,tag:cK+A4Os/9xchpNjpb2KAbQ==,type:str] password: ENC[AES256_GCM,data:rCL2RzU1INRT5KOyl1JriQ==,iv:jhFDcNHgIJnZTBN9msECQWvy75IH1wO5IFAxqR4Ugng=,tag:cK+A4Os/9xchpNjpb2KAbQ==,type:str]
nixremote: nixremote:
@ -48,8 +50,8 @@ sops:
OFd1RTNYcGJGSXJOaFpnbjR6YzhjQzAKUZxz47g2MKCVTS1gGJ7p6XCubBu+/CUM OFd1RTNYcGJGSXJOaFpnbjR6YzhjQzAKUZxz47g2MKCVTS1gGJ7p6XCubBu+/CUM
IPQ9uBaW99BB9W9JuIih34/qMVxd/1EHDVk3IDiNB3F3bM8f2LL1yA== IPQ9uBaW99BB9W9JuIih34/qMVxd/1EHDVk3IDiNB3F3bM8f2LL1yA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-19T20:35:48Z" lastmodified: "2024-09-21T00:34:07Z"
mac: ENC[AES256_GCM,data:lOkE5d9A8qgtmLuk1XTw0OjUaEutUVRCTpkoBy5QG0gWCO23/GjT2ZD/igB4fYtiMsXg0JfpDDGZwX0Z/rT8E/orBQKSP9iIyp0Or+qJMSo128Ja6VlC9Z1amQryT6A4ZMA0PxtQs8gxbPDrNpoO2yI3QtEQ2+OXnaOVig42baY=,iv:JXRG6+HvdTh7MssRdNV+koAF2EOQU4RxVewUKUzURsI=,tag:ibMk9Wc/AGIN92hCBQhCYw==,type:str] mac: ENC[AES256_GCM,data:2Fu3hMLZoVQHEU74udyEv3ZnuR5h8qV5HmdCld86aPhe+zfSFKuIQ2fzsyTTjh4nElakGAaENZ3DJZ+p2ehefkolcABe/dIKTl8wFQRAA/qLSmsP1KMkQoLnO/GGrRqU9hnGJB+k/nIjonspRqlV+Qzxj7zdv7LL8CHnznLTuII=,iv:27FOu0jEPjOuAsxC8Hp+0KYCeI1zpm3ocsY32+KpJwE=,tag:8yUIG/SV/D8pE6UKqGo3Xw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

31
secrets/smolboi/users.yaml
View file

@ -1,31 +0,0 @@
cdombroski:
password: ENC[AES256_GCM,data:y4WEliyhHI+M9GHkH40jnbjcsR6pcNOx0TNvGvGSjqy82589XyfjTWsuM63d6RApQAr67xp9rDK2e42/II+IBgmZhrCy4ZNfkw==,iv:YRroI8xD9OAoTZ2dvN7QgCX8bXCdjGwEnN/STbI8UcU=,tag:MGt22XEvxZegvEGA6xEGQw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age15va8dthvmn30ymex0kkrrk034aq25drmsx4mkmf480a8uq4tvcyqw5s4uk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSXNFeWttQkxPT1oxV01V
ZlVHeHlQencrcVQyVzlpRDM1b3JOd0ZTK1Y0CndXQWg2dHB6L3BvS3IwYlBteU91
cmZSb1BnSFViVHNaUXNVOXNBOG8ySzAKLS0tIGxwYzlWSnpTT3VaM2RqbWFLc0or
alczZGxNR1VCZkFmY3JRNmlaWHI4U2cKjIRtFLGaSnD+qiNQu1vZmAW3Ct0Mt3vW
6fhU0J1X3pdv/dtmuhtc3Bc0SyrUsdqJwPimSdoVd+mtutPrUHWijQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qmv6x6zwxhaks86nqtsvck56ucdyc9fakgp59a30afl95p6vp4aqyf22hp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdVRZSDdwTGpGWjZQZmQy
WDJmS1IzeXMrZk5rUEJ5dXJKMXlKUCsyV0JrCjJkbDZyQTB2SU9IeUZtVkxUREtp
ZDlPZEhRWE9vT1hCS0s3bi9qNWNLVU0KLS0tIE9Bd09yZHgrdDg2RnlFbXArcEV1
TGJhc2xmQ0dYdzBscDJac056dWx5ZDQK0cqHidbDzQ69Tg+HK/t52BN4+8Sjmbyh
McK8kBR738UH8DvrJOGTzNOVMGp07FF8hUKOw0KcpFULb7ir/foXLg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-04T17:38:31Z"
mac: ENC[AES256_GCM,data:oYfsHr8jA39eP78pujq4FQnGKzUDq/nDAHfeCxBvZFpbDR6kTDSUrmScd8yfAwqbX3I3T2hiRDG2+AT/OZWBWod5meOinOKoPDgcG73K1cMFLUKVDlmd7jut9JQv5asfUslDgWV8Vqs0f8LQDHMKN9Z4xRUaCY+kUCx8RvQPNf4=,iv:3Pji1pVoj8tYlM+10kH1oQNcjU9Ila8EAvIwdexVYF4=,tag:51SG2cvRd5KnIOnTGWIfNw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

18
systems/smolboi/configuration.nix
View file

@ -23,10 +23,6 @@
}; };
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
}; };
sops.secrets."cdombroski/password" = {
neededForUsers = true;
sopsFile = ../../secrets/smolboi/users.yaml;
};
networking = { networking = {
hostName = "smolboi"; # Define your hostname. hostName = "smolboi"; # Define your hostname.
@ -44,8 +40,6 @@
}; };
}; };
nix.settings.use-xdg-base-directories = true;
services = { services = {
ratbagd.enable = true; ratbagd.enable = true;
displayManager = { displayManager = {
@ -94,22 +88,12 @@
}; };
security = { security = {
sudo.extraConfig = "Defaults lecture = never";
rtkit.enable = true; rtkit.enable = true;
}; };
users.users = {
cdombroski = {
description = "Chris Dombroski";
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 1000;
hashedPasswordFile = config.sops.secrets."cdombroski/password".path;
};
};
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
vim-full # Do not forget to add an editor to edit zeus.nix! The Nano editor is also installed by default. vim-full
libreoffice-qt libreoffice-qt
firefox firefox
syncthing syncthing